US8681357B2 - Image forming system, computer-readable recording medium storing driver program, and image forming method for remote job execution - Google Patents
- Publication number
- US8681357B2; US12/950,704
- Authority
- US
- United States
- Prior art keywords
- user
- image forming
- logged
- server device
- job
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related, expires
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/606—Protecting data by securing the transmission between two devices or processes
- G06F21/608—Secure printing
Definitions
- the present invention relates to an image forming system, a computer-readable recording medium storing driver program, and an image forming method.
- directory services such as Active Directory and e-Directory have been introduced in order to manage users and devices in a network system.
- Some image forming apparatuses such as a printer, a copier, and a multifunction peripheral (MFP) have a network function, which performs management of users and groups by the directory service.
- To perform the management of the users by the directory service, a user authentication for a user who has performed a login operation to the image forming apparatus is performed on the server device for the directory service.
- an authorization process using only a function permitted to a logged-in user among various functions is performed.
- authorization information specifying a function which is permitted or prohibited for use has been previously set on the image forming apparatus for each user, and some functions to be used by the logged-in user are limited by the authorization information.
- the intermediate server device performs centralized management of the authorization information for each user, but it is difficult to flexibly set the authorization information on users and groups.
- in a case of setting the authorization information on a group different from a domain group in the directory service, the authorization information cannot be set collectively, and hence the authorization information must be set for each of a plurality of users belonging to the group. This makes the process of setting up the authorization information more complicated. It is possible to additionally set the authorization information in the directory service on a group basis, but this raises a concern that the directory service that is already in operation in a company or the like may be adversely affected.
- the image forming apparatus obtains the authorization information on the user who executes a job from the intermediate server device. Therefore, in the case of causing the image forming apparatus to execute the job via the network from the host terminal device, the user cannot be identified unless the user has logged in to the image forming apparatus, and hence it is difficult to acquire the authorization information. Accordingly, in the case of causing the image forming apparatus to execute the job via the network from the host terminal device, the user needs to have logged in to the image forming apparatus by transmitting the user authentication information (such as a password) from the host terminal device to the image forming apparatus.
- the present disclosure relates to an image forming system that may limit a function used by an image forming apparatus according to authorization information while maintaining security and may cause one login process to be necessary in executing a job on the image forming apparatus via a network from a host terminal device, and also relates to a computer-readable recording medium that stores a driver program.
- An image forming system includes: an image forming apparatus coupled to a network, a host terminal device coupled to the network configured to cause the image forming apparatus to execute a job, and a user-manager server device coupled to the network and including authorization information on one of a group and a user. If authentication of the logged-in user to the host terminal device is successful, the user-manager server device transmits to the host terminal device a job ticket indicating one or more job execution permissions on the image forming apparatus for a logged-in user and the authorization information corresponding to the logged-in user. The host terminal device generates a job execution instruction corresponding to the authorization information, and transmits the job execution instruction and the job ticket to the image forming apparatus. The image forming apparatus executes the job specified by the job execution instruction if the job ticket is valid.
- a computer-readable recording medium that stores a driver program to be installed on a host terminal device that causes an image forming apparatus to execute a job via a network.
- the driver program controls a computer within the host terminal device to function as: a ticket processing unit configured to if authentication of the logged-in user to the host terminal device is successful, receive a job ticket indicating one or more job execution permissions on the image forming apparatus and authorization information corresponding to a logged-in user from a user-manager server device coupled to the network that includes authorization information on one of a group and a user, and a job processing unit configured to (i) generate a job execution instruction responsive to the authorization information, (ii) transmit the job execution instruction and the job ticket to the image forming apparatus, and (iii) cause the image forming apparatus to execute the job.
- An image forming method includes: transmitting, via a host terminal device coupled to a network, a request to issue a job ticket to a user-manager server device via the network when a job request made by a logged-in user is detected by a driver, verifying, via a directory server device coupled to the network, whether or not authentication of the logged-in user has been successful, if the authentication is successful, generating, via the user-manager server device, the job ticket of the logged-in user and transmitting the job ticket and authorization information corresponding to the logged-in user to the host terminal device via the network, generating, via the host terminal device, a job execution instruction responsive to the authorization information and transmitting the job execution instruction and the job ticket to an image forming apparatus, and if the job ticket is valid, executing, via the image forming apparatus, a job specified by the job execution instruction.
- FIG. 1 is a block diagram illustrating a configuration of an image forming system according to an embodiment of the present disclosure.
- FIG. 2 is a block diagram illustrating a configuration of a multifunction peripheral (MFP).
- FIG. 3 is a block diagram illustrating a configuration of a user-manager server device.
- FIG. 4 is a diagram illustrating a structural example of authorization policy data.
- FIG. 5 is a block diagram illustrating a configuration of a directory server device.
- FIG. 6 is a block diagram illustrating a configuration of a host terminal device.
- FIG. 7 is a sequence diagram illustrating an operation of each of apparatuses and devices when a user logs in to the MFP in the image forming system illustrated in FIG. 1.
- FIG. 8 is a sequence diagram illustrating a processing for causing the MFP to execute a job from the host terminal device in the image forming system illustrated in FIG. 1.
- the MFP 1 A is an image forming apparatus having a printer function, a scanner function, a copy function, a facsimile function, and the like, that uses those functions to execute various kinds of jobs responsive to receiving an instruction from an operation panel on the MFP 1 A or from a host terminal device connected to the network 2 .
- the MFP 1 B is an image forming apparatus having a same or similar configuration.
- the user-manager server device 3 receives a user authentication request from the MFPs 1 A and 1 B, and provides authorization information corresponding to a logged-in user to the MFPs 1 A and 1 B.
- the directory server device 4 provides a directory service such as Active Directory or e-Directory.
- FIG. 2 is a block diagram illustrating a configuration of the MFP 1 A of FIG. 1 .
- the MFP 1 B includes a same or similar configuration.
- the MFP 1 A includes an operation panel 21 , a modem 22 , a network interface 23 , a printer 24 , a scanner 25 , and a control device 26 .
- the operation panel 21 is installed onto the MFP 1 A, and includes a display device 21 a that presents various kinds of information to the user and an input device 21 b that receives a user operation.
- the display device 21 a may include, for example, a liquid crystal display and various kinds of indicators.
- the input device 21 b may include, for example, a touch panel and key switches.
- the modem 22 is a communication device that is connected to a subscriber's telephone line network such as a public switched telephone network (PSTN) and performs transmission/reception of facsimile data.
- the printer 24 performs printing on a paper sheet responsive to a print request and delivers a printed paper sheet.
- the printer 24 forms an electrostatic latent image on the photoconductor drum surface, develops the electrostatic latent image via toner, transfers the developed toner image onto the paper sheet, fixes the toner image, and delivers the printed paper sheet to an output tray.
- the scanner 25 applies light to one side surface or both side surfaces of a document fed from an automatic document feeder or a document placed by the user, receives reflected light, and outputs corresponding image data reflecting the contents of the document.
- the control device 26 controls processing units of the MFP 1 A and performs data processing.
- the control device 26 is configured as a computer including, for example, a central processing unit (CPU), a read only memory (ROM), and a random access memory (RAM).
- the CPU implements various kinds of processing units by loading a program stored in the ROM or other storage device (for example, a flash memory) into the RAM and executing the program.
- the control device 26 implements a FAX communication unit 31 , a network communication unit 32 , a control unit 33 , and a determination unit 34 .
- the FAX communication unit 31 controls the modem 22 to receive the facsimile data. After receiving of the facsimile data, the FAX communication unit 31 supplies a corresponding print request to the control unit 33 .
- the network communication unit 32 controls the network interface 23 to perform data communications with the devices on the network 2 using various kinds of communication protocols. For example, the network communication unit 32 transmits, to the user-manager server device 3 , a user name (user ID) and a password input through the operation panel 21 upon user login, and receives the authorization information corresponding to the logged-in user from the user-manager server device 3 . Further, the network communication unit 32 receives the print request for page description language (PDL) data or the like from the host device, and supplies the print request to the control unit 33 .
- the control unit 33 receives a job request in response to a user operation with respect to the operation panel 21 or a job execution instruction received from the host terminal device 5 by the network interface 23 and the network communication unit 32 , and controls the units within the MFP 1 A to execute a job corresponding to the job request.
- the job execution instruction may include a print request, a scan request, and/or a facsimile transmission request.
- the control unit 33 causes the network communication unit 32 to request a user authentication, authorization information, and the like from the user-manager server device 3 .
- the control unit 33 determines whether or not a job ticket received along with the job execution instruction is valid, and only if the job ticket is valid, executes the job (such as printing, scanning, or facsimile transmission) specified by the job execution instruction. It should be noted that the job ticket is data indicating permissions for jobs to be performed on the MFP 1 A and/or 1 B.
- the control unit 33 may receive a user name (user ID) along with a job execution instruction, transmit the user name (user ID) and a job ticket to the user-manager server device 3 , cause the user-manager server device 3 to verify whether or not the job ticket has been issued to the user name, receive a verification result from the user-manager server device 3 , and determine whether or not the job ticket is valid based on the verification result. Further, the control unit 33 may receive the user name (user ID) along with the job execution instruction, perform a predetermined calculation, and determine whether or not the job ticket has been issued to the user of the user name (user ID).
- the job ticket is a value of a predetermined function (hash function, encryption function, or the like) using the user name (user ID) as a variable.
- the predetermined function may be, for example, SHA-1, an encryption function, or the like.
- if the value of the same function obtained from the received user name (user ID) matches the value of the received job ticket, it may be determined that the job ticket has been issued to the user of the user name (user ID).
- the determination unit 34 specifies a function which is prohibited or permitted for use by the logged-in user from among the functions that the MFP 1 A provides, and stores data indicating whether or not the use of each of the functions is permitted in the RAM.
- the control unit 33 references the data to limit the use of the MFP 1 A by the logged-in user. For example, when the use of a color copy function is limited for a particular logged-in user, a menu of the copy function may be displayed on the operation panel 21 so as to prevent the color copy function from being chosen by the particular logged-in user. For example, a button for choosing a color copy may be grayed out.
- FIG. 3 is a block diagram illustrating a configuration of the user-manager server device 3 of FIG. 1 .
- the user-manager server device 3 includes a storage device 41 , a network interface 42 , and a processor 43 .
- the storage device 41 stores a program and data.
- the storage device 41 may include a nonvolatile semiconductor memory, a hard disk drive, or the like.
- the storage device 41 may store authorization policy data 51 , local user data 52 , and local group data 53 .
- the authorization policy data 51 includes authorization information data having the authorization information used for specifying the function which is permitted for use by the logged-in user at the MFPs 1 A and/or 1 B.
- the authorization policy data 51 includes the authorization information on a user and/or group basis.
- the authorization information on users may be applied to a user
- the authorization information on groups may be applied to a user belonging to a group.
- the authorization policy data 51 includes the authorization information on domain users registered on the directory server device 4 and/or the authorization information on local users registered on the user-manager server device 3 .
- the authorization policy data 51 includes the authorization information on domain groups registered on the directory server device 4 and/or the authorization information on local groups registered on the user-manager server device 3 .
- the authorization information on users may include an ID of a user and information on a function (for example, an ID of the function) which is permitted or prohibited for use by the user.
- the authorization information on groups includes an ID of a group and information on a function (for example, an ID of the function) which is permitted or prohibited for use by a user belonging to the group.
- the function which is permitted or prohibited for use may include upper-level functions such as printing, scanning, copying, facsimile transmission, and/or lower-level items (for example, a color/black choosing function) accompanying each of the upper-level items.
- FIG. 4 is a diagram illustrating a structural example of the authorization policy data 51 of FIG. 3 .
- a domain group A includes domain users A, B, C, and D.
- a local group A includes local users A and B and domain users B and D.
- An authorization policy # 1 (policy data including authorization information) is set for the domain group A.
- An authorization policy # 2 is set for the domain user A belonging to the domain group A.
- An authorization policy # 3 is set for the local group A.
- An authorization policy # 4 is set for the local user A belonging to the local group A.
- An authorization policy # 5 is set for the domain user B belonging to the domain group A.
- An authorization policy # 6 is set for a domain user E.
- An authorization policy # 7 is set for a local user C.
- the local user data 52 is registration information data including the authentication information on local users (for example, the user ID and the password).
- the local user is registered on the user-manager server device 3 separately from the domain user registered on the directory server device 4 .
- the local group data 53 is registration information data including the authentication information on local groups (the group ID and the user IDs of the users belonging to the group).
- the local group is registered on the user-manager server device 3 separately from the domain group registered on the directory server device 4 .
- the local group includes the local users and the domain users. In other words, the local group consisting of only the local users, the local group consisting of only the domain users, and the local group consisting of the local users and the domain users are set.
- the network interface 42 is connected to the computer network 2 in a wired and/or wireless manner, and performs data communications with other devices (for example, MFPs 1 A and 1 B and directory server device 4 ) connected to the network 2 .
- the processor 43 is configured as a computer including a CPU, a ROM, and a RAM, and implements various kinds of processing units by loading a program stored in the ROM or the storage device 41 into the RAM and causing the CPU to execute the program.
- the processor 43 implements a network communication unit 61 , a user authentication processing unit 62 , an authorization processing unit 63 , and a job ticket issue processing unit 64 .
- the network communication unit 61 controls the network interface 42 to perform data communications with the devices on the network 2 using various kinds of communication protocols.
- the network communication unit 61 may receive the user name (user ID) and the password from the MFP 1 A, and transmit the authorization information on the user to the MFP 1 A.
- the network communication unit 61 may also transmit the user authentication request to the directory server device 4 , and receive an authentication result and user information from the directory server device 4 .
- the user authentication processing unit 62 uses the network interface 42 to cause the directory server device 4 to perform authentication of the logged-in users to the MFPs 1 A and/or 1 B.
- the authorization processing unit 63 extracts the authorization information on local groups from the authorization policy data 51 , and transmits the authentication information as the authorization information corresponding to the logged-in user to the MFP 1 A and/or the MFP 1 B through the network interface 42 .
- the authorization processing unit 63 extracts the authorization information on domain users or domain groups to which the logged-in user belongs from the authorization policy data 51 , and transmits the authentication information as the authorization information corresponding to the logged-in user to the MFP 1 A and/or the MFP 1 B through the network interface 42 .
- the authorization policy # 2 and the authorization policy # 1 are transmitted to the MFP 1 A. If a conflict occurs between the authorization information on the user and on the group (for example, authorization policy # 2 and authorization policy # 1 ), the predetermined authorization information on the groups or users is applied.
- the authorization policy # 5 , the authorization policy # 3 , and the authorization policy # 1 are transmitted to the MFP 1 A. If a conflict occurs between the authorization information on domain groups and local groups (for example, authorization policy # 1 and authorization policy # 3 ), the predetermined authorization information on domain groups or local groups is applied.
- the authorization policy # 1 is transmitted to the MFP 1 A. Further, when the domain user D logs in to the MFP 1 A, the authorization policy # 1 and the authorization policy # 3 are transmitted to the MFP 1 A.
- the authorization policy # 6 is transmitted to the MFP 1 A.
- the authorization policy # 4 and the authorization policy # 3 are transmitted to the MFP 1 A.
- the authorization policy # 3 is transmitted to the MFP 1 A.
- the authorization policy # 7 is transmitted to the MFP 1 A.
- the authorization processing unit 63 may generate user-authorization information that permits the use of the function which is permitted for use by any one of the authorization information. In other words, the authorization processing unit 63 may generate user-authorization information that prohibits the use of the function which is prohibited for use by at least one of the authorization information.
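The FIG. 4 assignments and the two combination rules above, worked through as an added example (not code from the patent). The function IDs and the permit/prohibit values inside each policy are constructed, since the page gives only policy numbers; treating a function that no policy mentions as denied is also an assumption.

```python
# Group membership exactly as listed for FIG. 4 on this page.
DOMAIN_GROUPS = {
    "domain group A": {"domain user A", "domain user B",
                       "domain user C", "domain user D"},
}
LOCAL_GROUPS = {
    # A local group may mix local users and domain users.
    "local group A": {"local user A", "local user B",
                      "domain user B", "domain user D"},
}

# Authorization policy number -> user or group it is set for (from the page).
POLICY_TARGET = {
    1: "domain group A",
    2: "domain user A",
    3: "local group A",
    4: "local user A",
    5: "domain user B",
    6: "domain user E",
    7: "local user C",
}

# CONSTRUCTED policy contents: function ID -> True (permitted) / False (prohibited).
POLICY_RULES = {
    1: {"print": True, "copy": True, "color": False},
    2: {"color": True},
    3: {"scan": True, "fax": False},
    4: {"fax": True},
    5: {"scan": False},
    6: {"print": True},
    7: {"copy": True, "color": True},
}


def applicable_policies(user):
    """Policies set on the user plus every domain/local group containing the user."""
    principals = {user}
    for groups in (DOMAIN_GROUPS, LOCAL_GROUPS):
        principals.update(name for name, members in groups.items()
                          if user in members)
    return sorted(num for num, target in POLICY_TARGET.items()
                  if target in principals)


def merge(policy_ids, mode):
    """Combine several policies into one user-authorization map.

    mode="permit-any": a function is usable if any policy permits it.
    mode="deny-any":   a function is blocked if at least one policy prohibits it.
    """
    if mode not in ("permit-any", "deny-any"):
        raise ValueError("unknown merge mode: %r" % (mode,))
    verdicts = {}
    for pid in policy_ids:
        for function_id, allowed in POLICY_RULES[pid].items():
            verdicts.setdefault(function_id, []).append(allowed)
    combine = any if mode == "permit-any" else all
    return {fn: combine(v) for fn, v in sorted(verdicts.items())}


def is_permitted(user, function_id, mode):
    """Default deny (assumption): a function no policy mentions is not usable."""
    return merge(applicable_policies(user), mode).get(function_id, False)


if __name__ == "__main__":
    for user in ("domain user A", "domain user B", "domain user D",
                 "local user A", "domain user E"):
        ids = applicable_policies(user)
        print(user, ids, merge(ids, "permit-any"), merge(ids, "deny-any"))
```

With the constructed rules, domain user A gets color copying under the permit-any rule (policy #2 permits it) and loses it under the deny-any rule (policy #1 prohibits it), so the choice of rule decides every user/group conflict.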
- if an issuance request for a job ticket is received from the host terminal device 5 operated by a user logged in to the host terminal device 5 , after the logged-in user has succeeded in the user authentication on the directory server device 4 , the ticket issuance processing unit 64 generates the job ticket and transmits the job ticket and the authorization information applied to the logged-in user to the host terminal device 5 . It should be noted that the issuance request for the job ticket made by a user who has not succeeded in the user authentication on the directory server device 4 is rejected. Further, in place of the ticket issuance processing unit 64 , the authorization processing unit 63 may transmit the authorization information applied to the logged-in user to the host terminal device 5 .
- the ticket issuance processing unit 64 may use a predetermined function to generate a job ticket unique to the user from the user name (user ID). Further, for example, the ticket issuance processing unit 64 may use a predetermined function to generate the job ticket unique to the user from the user name (user ID) and one-time data (single-use information). For example, a hash function may be used as the predetermined function. Information that changes each time the job ticket is issued may be used as the one-time data, such as information including a serial number having a date and/or time of the issuance of the request for the job ticket or job ticket generation.
- the ticket issuance processing unit 64 may save the generated job ticket in the storage device 41 in association with the user name (user ID) of the issuance destination of the job ticket.
- the ticket issuance processing unit 64 may return to the MFP 1 A and/or 1 B the verification result indicating that the job ticket is valid, and delete/nullify the job ticket from the storage device 41 . This allows the user to use the job ticket, which has been issued to the user, for the job execution on the MFP 1 A and/or 1 B only once.
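An added sketch (not the patent's implementation) of the two ticket checks described above: the MFP-side recalculation from the user name alone, and the server-stored ticket derived from the user ID plus one-time data that is deleted on first successful verification. SHA-256, the random nonce inside the one-time data, and all class and function names are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timezone


def ticket_from_user_only(user_id):
    """Ticket as a plain hash of the user name (SHA-256 chosen for the example)."""
    return hashlib.sha256(user_id.encode("utf-8")).hexdigest()


def mfp_local_check(user_id, ticket):
    """MFP-side 'predetermined calculation': recompute and compare.

    The value depends only on the user name, so it is the same on every
    issuance and can be recomputed by any party that knows the function.
    """
    expected = ticket_from_user_only(user_id)
    return hmac.compare_digest(expected.encode(), ticket.encode("utf-8"))


class UserManagerServer:
    """Hypothetical stand-in for the ticket issuance processing unit 64."""

    def __init__(self):
        self._issued = {}   # ticket -> user ID of the issuance destination
        self._serial = 0

    def issue(self, user_id, authenticated):
        # Requests from users who failed directory authentication are rejected.
        if not authenticated:
            raise PermissionError("user authentication has not succeeded")
        self._serial += 1
        # One-time data: serial number + issuance time, as on the page,
        # plus a random nonce (assumption) so the input is not guessable.
        one_time = "%d:%s:%s" % (self._serial,
                                 datetime.now(timezone.utc).isoformat(),
                                 secrets.token_hex(16))
        ticket = hashlib.sha256(
            ("%s|%s" % (user_id, one_time)).encode("utf-8")).hexdigest()
        self._issued[ticket] = user_id
        return ticket

    def verify(self, user_id, ticket):
        """Valid only if stored for this user; deleted on success (single use)."""
        owner = self._issued.get(ticket)
        if owner is None:
            return False
        if not hmac.compare_digest(owner.encode("utf-8"),
                                   user_id.encode("utf-8")):
            return False    # wrong user: keep the ticket for its real owner
        del self._issued[ticket]
        return True


def mfp_execute(server, user_id, ticket, job):
    """MFP control unit: run the job only if the server confirms the ticket."""
    if server.verify(user_id, ticket):
        return "executed: " + job
    return "rejected"


if __name__ == "__main__":
    server = UserManagerServer()
    t = server.issue("alice", authenticated=True)   # constructed user name
    print(mfp_execute(server, "alice", t, "print"))  # first use
    print(mfp_execute(server, "alice", t, "print"))  # replay of the same ticket
```

Because the user-name-only ticket is a fixed, unkeyed value, it never changes between issuances; only the server-stored one-time variant enforces the single use described above.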
- FIG. 5 is a block diagram illustrating a configuration of the directory server device 4 of FIG. 1 .
- the directory server device 4 includes a storage device 71 , a network interface 72 , and a processor 73 .
- the storage device 71 stores a program and data.
- the storage device 71 may be, for example, a nonvolatile semiconductor memory, a hard disk drive, or the like.
- a directory database (DB) 91 for a directory service is built on the storage device 71 .
- the directory database 91 may include user data 91 a and group data 91 b .
- the user data 91 a may include registration information data having authentication information (for example, the user ID and the password) and user information (for example, contact information such as a telephone number, a facsimile transmission number, or an electronic mail address and other attribute information).
- the group data 91 b may include registration information data having the authentication information (for example, a group ID, user IDs of users belonging to the group) and group information (for example, contact information, a manager, and other attribute information).
- the network interface 72 is connected to the computer network 2 in a wired or wireless manner, and performs data communications with other devices (for example, the user manager server device 3 ) connected to the network 2 .
- the processor 73 includes a CPU, a ROM, and a RAM, and implements various processing units by loading a program stored in the ROM or the storage device 71 into the RAM and causing the CPU to execute the program.
- the processor 73 may implement a network communication unit 81 and a directory service processing unit 82 .
- the network communication unit 81 controls the network interface 72 to perform data communications with the devices on the network 2 using various kinds of communication protocols. For example, the network communication unit 81 may receive the user authentication request, and transmit the authentication result and the user information.
- the directory service processing unit 82 manages the domain user and the domain group.
- the directory service processing unit 82 performs registration and deletion of the domain user and the domain group, user authentication, and provision of the user information on the domain user and the group information on the domain group.
- the user authentication may include lightweight directory access protocol (LDAP) authentication, Kerberos authentication, or the like.
- the directory service processing unit 82 may operate as a domain controller.
- FIG. 6 is a block diagram illustrating the configuration of the host terminal device 5 of FIG. 1 .
- the host terminal device 5 includes a storage device 101 , a network interface 102 , a display device 103 , an input device 104 , and a processor 105 .
- the host terminal device 5 may be, for example, a personal computer in which predetermined programs such as an operating system and driver programs are installed.
- the storage device 101 stores a program and data.
- the storage device 101 may include a nonvolatile semiconductor memory, a hard disk drive, or the like.
- the storage device 101 stores a driver program 101 a.
- the network interface 102 is connected to the computer network 2 in a wired and/or wireless manner, and performs data communications with other devices (for example, the MFP 1 A or 1 B, the user manager server device 3 , and the directory server device 4 ) connected to the network 2 .
- the display device 103 (for example, a liquid crystal display) displays various kinds of information to the user.
- the input device 104 (for example, a keyboard and/or a mouse) receives a user operation, and outputs an electrical signal corresponding to the user operation to the processor 105 .
- the processor 105 is configured as a computer including a CPU, a ROM, and a RAM, and implements various processing units by loading a program stored in the ROM or the storage device 101 into the RAM and causing the CPU to execute the program.
- the processor 105 may cause the operating system (such as Windows, registered trademark) to implement a network communication unit 111 and a login processing unit 112 , and may cause a driver program 101 a to implement a driver 113 .
- the operating system can cause the host terminal device 5 to participate in the directory service provided by the directory server device 4 .
- the network communication unit 111 controls the network interface 102 to perform data communications with the devices on the network 2 using various communication protocols.
- the login processing unit 112 causes the directory server device 4 to perform the user authentication on the user of the host terminal device 5 and permits only a user who has succeeded in the user authentication to perform further operations after the login operation.
- the display device 103 is caused to display a login screen that prompts an input of user authentication information (such as a user ID and/or password). If the user authentication information is input to the input device 104 , input user authentication information is identified, and the user authentication request and the user authentication information are transmitted to the directory server device 4 .
- the display screen is caused to transition to a screen that can be operated by the user (for example, a desktop screen or a screen having a command prompt), that allows the further operations after the login operation (such as execution of an application, a utility, a driver, and the like). Meanwhile, if the user authentication result from the directory server device 4 indicates a failed authentication, the display of the login screen is continued, and the further operations are inhibited.
- the driver 113 includes a ticket processing unit 121 and a job processing unit 122 .
- the ticket processing unit 121 acquires the job ticket and the authorization information applied to the logged-in user from the user-manager server device 3 after the logged-in user has succeeded in the user authentication via the directory server device 4 .
- the job processing unit 122 generates a job execution instruction responsive to the authorization information acquired by the ticket processing unit 121 and transmits the generated job execution instruction to the MFP 1 A (and/or MFP 1 B) along with the job ticket to execute the job.
- the job processing unit 122 transmits the user name (user ID) along with the job execution instruction as necessary.
- the job processing unit 122 does not transmit the user authentication information (that is, secret information necessary for login, such as a password) to the MFP 1 A (and/or MFP 1 B).
- FIG. 7 is a sequence diagram illustrating the operation of each of the apparatuses and the devices when the user logs in to the MFP 1 A in the image forming system illustrated in FIG. 1 .
- Each of the apparatuses and the devices illustrated in FIG. 7 would operate in a same or similar manner when a user logs in to the MFP 1 B.
- the operation panel 21 of the MFP 1 A detects an operation of inputting a user name (the user ID) and a password performed by the user (S 1 ).
- the control unit 33 causes the network communication unit 32 and the network interface 23 to transmit the user name and/or the password to the user-manager server device 3 (S 2 ).
- the user authentication processing unit 62 causes the network communication unit 61 and the network interface 42 to receive the user name and/or the password and transmit the user name, the password, and an authentication request to the directory server device 4 using a predetermined protocol (for example, LDAP) (S 3 ).
- the directory service processing unit 82 causes the network communication unit 81 and the network interface 72 to receive the user name, the password, and the authentication request by the predetermined protocol, and references the directory database 91 to determine whether or not the user name and/or the password belongs to a valid user (S 4 ).
- the directory service processing unit 82 causes the network communication unit 81 and the network interface 72 to transmit a determination (authentication) result (and, if the authentication is successful, the user information on the user), to the user-manager server device 3 as a response to the authentication request (S 5 ).
- the user authentication processing unit 62 causes the network communication unit 61 and the network interface 42 to receive the authentication result as the response to the authentication request. If the authentication has been successful, the user authentication processing unit 62 receives the user information, and the authorization processing unit 63 references the authorization policy data 51 to specify the authorization information on the user (authorization policy to be applied to the user) (S 6 ). The authorization processing unit 63 causes the network communication unit 61 and the network interface 42 to transmit a response indicating the successful authentication to the MFP 1 A (and/or MFP 1 B) in addition to the authorization information and the user information (S 7 ).
- the control unit 33 causes the network communication unit 32 and the network interface 23 to receive the authorization information and the user information, and provides the authorization information to the determination unit 34 (S 8 ). Based on the authorization information, the determination unit 34 sets, in the RAM, data indicating whether or not the user is permitted to use each of the functions that the MFP 1 A provides.
- the user is then permitted to use the MFP 1 A with the functions limited according to the authorization information (S 9 ).
- the control unit 33 references the data set by the determination unit 34 to allow only a job that uses the functions permitted to the user, and executes the allowed job.
- the MFP 1 A may display a message indicating the authentication failure onto the operation panel 21 , and prohibit the user from using the MFP 1 A.
- FIG. 8 is a sequence diagram illustrating the process for causing the MFP 1 A to execute the job from the host terminal device in the image forming system of FIG. 1 . It should be noted that a same or similar process may be used for causing the MFP 1 B to execute a job from the host terminal device 5 .
- After the host terminal device 5 (and the operating system) is started, the login processing unit 112 causes the display device 103 to display the login screen. Once the user operates the input device 104 to input a user name (user ID) and/or a password onto the login screen, the login processing unit 112 identifies the user name (user ID) and/or the password that have been input (Step S 21 ), and causes the network communication unit 111 and the network interface 102 to access the directory server device 4 via the network 2 and request that user authentication be performed on the user name (user ID) and/or the password (Step S 22 ).
- the directory server device 4 determines whether or not the user name (user ID) and/or the password received along with the user authentication request match the user name (user ID) and/or the password of the user registered on the directory server device 4 .
- the directory server device 4 transmits the user authentication result to the host terminal device 5 in response to the user authentication request (Step S 24 ).
- the user logs in to the directory server device 4 and is allowed to access a resource which is registered in the directory service and access the resource(s) which are permitted for the user. It should be noted that, when the user authentication fails, the user fails to log in to the directory server device 4 and cannot perform operations other than making a repeated login attempt.
- the ticket processing unit 121 transmits an issuance request for a job ticket to the user-manager server device 3 via the network 2 (Step S 26 ).
- the ticket issuance processing unit 64 causes the directory service to verify whether or not the user who has made the issue request has logged in to the directory server device 4 (Step S 27 ).
- If the user who has made the issue request has logged in to the directory server device 4 , the ticket issuance processing unit 64 generates the job ticket for the user (Step S 28 ). Then, the ticket issuance processing unit 64 transmits the generated job ticket, the authorization information (the authorization policy for the user and/or the authorization policy for the group to which the user belongs) applied to the user, and user information (such as an electronic mail address) on the user to the host terminal device 5 via the network 2 (Step S 29 ). It should be noted that, if the user who has made the issue request has not logged in to the directory server device 4 , the ticket issuance processing unit 64 rejects the issue request and transmits a response indicating a failure in issuing the job ticket to the host terminal device 5 .
- After receiving the job ticket, the authorization information, and the user information, the ticket processing unit 121 temporarily saves the job ticket, the authorization information, and the user information in the RAM or the like.
- the job processing unit 122 generates the job execution instruction and the job data within the limits of the authorization information based on the job request of Step S 25 (Step S 30 ). For example, if a printing job is requested, and the authorization information inhibits color printing and permits monochrome printing, the job execution instruction and the job data for the monochrome printing are allowed to be generated, but the job execution instruction and the job data for the color printing are prevented from being generated.
- the driver 113 inhibits the user from executing color printing (for example, grays out an item for the color printing to inhibit the color printing from being chosen from an option menu containing the items for, perhaps, both color printing and monochrome printing on a screen of the driver 113 ) based on the authorization information.
- the job processing unit 122 then transmits the generated job execution instruction and the generated job data along with the job ticket to the MFP 1 A via the network 2 (Step S 31 ).
- page description language (PDL) data may also be transmitted as the job data, but in a case of a job execution instruction for scanning, job data may not be transmitted.
- After receiving the job execution instruction, the job data, and the job ticket, for example, the control unit 33 of the MFP 1 A makes an inquiry to the user-manager server device 3 to verify the validity of the job ticket (Step S 32 ). If the job ticket has been legally issued to the user (that is, the job ticket is valid), the control unit 33 executes the job corresponding to the job execution instruction (Step S 33 ). If the job ticket is not valid, the control unit 33 rejects the job execution instruction and does not execute the job.
- the control unit 33 transmits an execution result to the host terminal device 5 via the network 2 (Step S 34 ).
- the execution result may include information as to whether or not the job has been normally completed.
- the execution result may include an image data file generated by a scanning operation.
- the job processing unit 122 of the host terminal device 5 receives the execution result via the network 2 , and displays and saves the execution result corresponding to the type of the job.
- the user-manager server device 3 collects and summarizes logs of the execution job from the MFPs 1 A and 1 B, the logs (in terms of the user name, the job type, and the like) of the execution job are transmitted to the user-manager server device 3 .
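The FIG. 8 sequence above (Steps S 21 to S 34), as an added Python sketch that is not part of the patent text. The class and method names, the opaque random ticket format, the function labels such as `print_mono`, and the sample account are all assumptions made for illustration.

```python
"""Sketch of the FIG. 8 job-ticket flow. Names, the ticket format and the
sample data are assumptions for illustration, not taken from the patent."""
import hmac
import secrets


class DirectoryServer:                       # directory server device 4
    def __init__(self, accounts):
        self._accounts = accounts            # constructed sample data: user -> password
        self._logged_in = set()

    def login(self, user, password):         # Steps S22-S24
        expected = self._accounts.get(user)
        ok = expected is not None and hmac.compare_digest(expected, password)
        if ok:
            self._logged_in.add(user)
        return ok

    def is_logged_in(self, user):
        return user in self._logged_in


class UserManagerServer:                     # user-manager server device 3
    def __init__(self, directory, policies):
        self._directory = directory
        self._policies = policies            # user -> set of permitted functions
        self._tickets = {}                   # ticket -> user it was issued to

    def issue_ticket(self, user):            # Steps S26-S29
        if not self._directory.is_logged_in(user):    # S27: ask the directory
            return None                      # issuance rejected
        ticket = secrets.token_urlsafe(32)   # S28: opaque random value (assumption)
        self._tickets[ticket] = user
        return ticket, frozenset(self._policies.get(user, ()))

    def is_valid(self, ticket, user):        # answers the MFP's inquiry (S32)
        issued_to = self._tickets.get(ticket)
        return issued_to is not None and issued_to == user


class MFP:                                   # image forming apparatus 1A
    def __init__(self, user_manager):
        self._user_manager = user_manager
        self.executed = []

    def execute(self, instruction, ticket, user):     # Steps S32-S34
        # In this sequence the MFP checks ticket validity; the function
        # limits were already applied by the driver at S30.
        if not self._user_manager.is_valid(ticket, user):
            return {"ok": False, "reason": "invalid job ticket"}
        self.executed.append((user, instruction))
        return {"ok": True, "reason": None}


class Driver:                                # driver 113 on host terminal device 5
    def __init__(self, user_manager, mfp):
        self._user_manager = user_manager
        self._mfp = mfp

    def submit(self, user, function):        # Steps S25-S31
        issued = self._user_manager.issue_ticket(user)
        if issued is None:
            return {"ok": False, "reason": "ticket issuance rejected"}
        ticket, permitted = issued
        if function not in permitted:        # S30: instruction is never generated
            return {"ok": False, "reason": "function not permitted"}
        # Only the instruction, the ticket and the user name leave the host;
        # the password is never sent to the MFP.
        return self._mfp.execute({"function": function}, ticket, user)


def demo():
    directory = DirectoryServer({"alice": "constructed-password"})
    manager = UserManagerServer(directory, {"alice": {"print_mono", "scan"}})
    mfp = MFP(manager)
    driver = Driver(manager, mfp)
    results = [driver.submit("alice", "print_mono")]        # before login
    directory.login("alice", "constructed-password")
    results.append(driver.submit("alice", "print_mono"))    # permitted function
    results.append(driver.submit("alice", "print_color"))   # inhibited function
    results.append(mfp.execute({"function": "print_color"}, "forged", "alice"))
    return [r["reason"] for r in results], mfp.executed
```
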
- the present disclosure includes various other embodiments.
- other designs can be used in which the above-described components are each performed.
- an ID card (for example, an IC card) assigned to a user may be used instead of the user inputting his or her user name into the MFP 1 A during user login.
- An IC card reader may be connected to the MFP 1 A, and when the ID card is brought to the IC card reader, the control unit 33 may use the IC card reader to read a card ID from the ID card. The control unit 33 may then transmit the card ID to the user-manager server device 3 with the password input in the same manner as in the above-described embodiment.
- conversion data is stored in which the card ID is associated with a user ID of the user to which the ID card is assigned.
- After receiving the card ID and the password, the user authentication processing unit 62 references the conversion data to specify the user ID corresponding to the card ID, and causes the directory server device 4 to perform the user authentication based on the specified user ID and the received password.
- a card including a recording medium of another format may also or alternatively be used.
- a reader that can read the card ID from the card of the other format is used instead of the IC card reader.
- biometric information such as a fingerprint may be used instead of the ID card.
- a reader that can acquire the biometric information from the user is used instead of the IC card reader, and a characteristic of a feature obtained from the biometric information is used as biometric ID.
- the host terminal device 5 directly accesses the directory server device 4 to request the user authentication.
- the host terminal device 5 may request the user authentication from the user-manager server device 3 , and the user-manager server device 3 may cause the directory server device 4 to perform the user authentication.
- the IC card reader may be provided to the host terminal device 5 , and the login to the directory server device 4 may be performed by using an ID card or the like.
- the user-manager server device 3 converts a card ID of the ID card into the user ID (user name).
- the local users and the domain users coexist in the local group, but the local group may be formed of only local users or the local group may be formed of only domain users, or some combination thereof.
- the user-manager server device 3 and the directory server device 4 may be configured to perform data communications via another network different from the network 2 by connecting the user-manager server device 3 to the other network instead of to the network 2 .
- the host terminal device 5 is configured to have access to a network that provides access to the user-manager server device 3 and/or the directory server device 4 .
- the MFPs 1 A and 1 B are used as the image forming apparatuses, but a printer, a copier, and the like may additionally or alternatively be used. Further, while the illustrated image forming system includes two image forming apparatuses, the image forming system may alternatively include less than two or more than two image forming apparatuses.
- An access right level to the MFP may be included in the authorization information.
- one of the administrator and the general user is set as the access right level.
- the administrator it is possible to use a function such as maintenance, which cannot be used by the general user.
- the driver program may be recorded on a portable recording medium, and the driver program may be installed and/or executed from the recording medium onto the host terminal device 5 .
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Bioethics (AREA)
- Facsimiles In General (AREA)
- Accessory Devices And Overall Control Thereof (AREA)
- Control Or Security For Electrophotography (AREA)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2009-268575 | 2009-11-26 | ||
JP2009268575A JP5069819B2 (en) | 2009-11-26 | 2009-11-26 | Image forming system |
Publications (2)
Publication Number | Publication Date |
---|---|
US20110122439A1 (en) | 2011-05-26 |
US8681357B2 (en) | 2014-03-25 |
Family
ID=44061879
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/950,704 Expired - Fee Related US8681357B2 (en) | 2009-11-26 | 2010-11-19 | Image forming system, computer-readable recording medium storing driver program, and image forming method for remote job execution |
Country Status (2)
Country | Link |
---|---|
US (1) | US8681357B2 (en) |
JP (1) | JP5069819B2 (en) |
Also Published As
Publication number | Publication date |
---|---|
JP5069819B2 (en) | 2012-11-07 |
JP2011114538A (en) | 2011-06-09 |
US20110122439A1 (en) | 2011-05-26 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| AS | Assignment | Owner name: KYOCERA MITA CORPORATION, JAPAN Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:SATO, MASAFUMI;OGUMA, TAKASHI;REEL/FRAME:025310/0876 Effective date: 20101119 |
| AS | Assignment | Owner name: KYOCERA DOCUMENT SOLUTIONS INC., JAPAN Free format text: CHANGE OF NAME;ASSIGNOR:KYOCERA MITA CORPORATION;REEL/FRAME:028300/0279 Effective date: 20120401 |
| STCF | Information on status: patent grant | Free format text: PATENTED CASE |
| FEPP | Fee payment procedure | Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
| MAFP | Maintenance fee payment | Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551) Year of fee payment: 4 |
| FEPP | Fee payment procedure | Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
| LAPS | Lapse for failure to pay maintenance fees | Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
| STCH | Information on status: patent discontinuation | Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362 |
| FP | Lapsed due to failure to pay maintenance fee | Effective date: 20220325 |